This happens because addr.sa_data copied from the userspace is notzero-terminated, and copying it with strlcpy() in packet_bind_spkt()results in calling strlen() on the kernel copy of that non-terminatedbuffer.